ZAP by Checkmarx Scanning Report

Sites: https://127.0.0.1 http://127.0.0.1

Generated on Mon, 28 Oct 2024 21:01:37

ZAP Version: 2.15.0

ZAP by Checkmarx

Summary of Alerts

Risk Level Number of Alerts
High
4
Medium
13
Low
11
Informational
13

Alerts

Name Risk Level Number of Instances
Cross Site Scripting (Reflected) High 17
Path Traversal High 10
Remote File Inclusion High 9
SQL Injection - MySQL High 4
Absence of Anti-CSRF Tokens Medium 155
Application Error Disclosure Medium 154
CSP: Wildcard Directive Medium 135
CSP: script-src unsafe-inline Medium 135
CSP: style-src unsafe-inline Medium 140
Content Security Policy (CSP) Header Not Set Medium 884
Cross-Domain Misconfiguration Medium 2
Directory Browsing Medium 142
HTTP to HTTPS Insecure Transition in Form Post Medium 89
Hidden File Found Medium 1
Missing Anti-clickjacking Header Medium 697
Parameter Tampering Medium 15
Vulnerable JS Library Medium 3
CSP: Notices Low 5
Cookie No HttpOnly Flag Low 163
Cookie Without Secure Flag Low 149
Cookie without SameSite Attribute Low 2
Private IP Disclosure Low 13
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Low 1089
Server Leaks Version Information via "Server" HTTP Response Header Field Low 1754
Strict-Transport-Security Disabled Low 228
Strict-Transport-Security Header Not Set Low 329
Timestamp Disclosure - Unix Low 4
X-Content-Type-Options Header Missing Low 942
Authentication Request Identified Informational 12
Charset Mismatch (Header Versus Meta Content-Type Charset) Informational 153
Content-Type Header Missing Informational 123
Cookie Poisoning Informational 2
GET for POST Informational 1
Information Disclosure - Sensitive Information in URL Informational 18
Information Disclosure - Suspicious Comments Informational 335
Modern Web Application Informational 376
Re-examine Cache-control Directives Informational 212
Session Management Response Identified Informational 41
User Agent Fuzzer Informational 521
User Controllable HTML Element Attribute (Potential XSS) Informational 342
WSDL File Detection Informational 8

Alert Detail

High
Cross Site Scripting (Reflected)
Description
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.

Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.

Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
URL http://127.0.0.1/?page=%22+onMouseOver%3D%22alert%281%29%3B
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=%3C%2Fdiv%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cdiv%3E
Method GET
Parameter pagename
Attack </div><scrIpt>alert(1);</scRipt><div>
Evidence </div><scrIpt>alert(1);</scRipt><div>
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=%22+onMouseOver%3D%22alert%281%29%3B
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=%22+onMouseOver%3D%22alert%281%29%3B
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B&redirectPage=captured-data.php
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B&username=anonymous
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=%22%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E
Method GET
Parameter redirectPage
Attack "><scrIpt>alert(1);</scRipt>
Evidence "><scrIpt>alert(1);</scRipt>
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=%22%3Balert%281%29%3B%22
Method GET
Parameter username
Attack ";alert(1);"
Evidence ";alert(1);"
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=javascript%3Aalert%281%29%3B
Method GET
Parameter page-to-frame
Attack javascript:alert(1);
Evidence javascript:alert(1);
Other Info
URL http://127.0.0.1/index.php?PathToDocument=%3C%2Fdiv%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cdiv%3E&page=document-viewer.php
Method GET
Parameter PathToDocument
Attack </div><scrIpt>alert(1);</scRipt><div>
Evidence </div><scrIpt>alert(1);</scRipt><div>
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=%22+onMouseOver%3D%22alert%281%29%3B
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=%22+onMouseOver%3D%22alert%281%29%3B
Method GET
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=%22+onMouseOver%3D%22alert%281%29%3B
Method POST
Parameter page
Attack " onMouseOver="alert(1);
Evidence " onMouseOver="alert(1);
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter password
Attack '"<scrIpt>alert(1);</scRipt>
Evidence '"<scrIpt>alert(1);</scRipt>
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter username
Attack '"<scrIpt>alert(1);</scRipt>
Evidence '"<scrIpt>alert(1);</scRipt>
Other Info
Instances 17
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.

Phases: Implementation; Architecture and Design

Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.

For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.

Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.

Phase: Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.

Phase: Implementation

For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.

To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.

Reference https://owasp.org/www-community/attacks/xss/
https://cwe.mitre.org/data/definitions/79.html
CWE Id 79
WASC Id 8
Plugin Id 40012
High
Path Traversal
Description
The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.

Most web sites restrict user access to a specific portion of the file-system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executable necessary to drive web application functionality. To access files or execute commands anywhere on the file-system, Path Traversal attacks will utilize the ability of special-characters sequences.

The most basic Path Traversal attack uses the "../" special-character sequence to alter the resource location requested in the URL. Although most popular web servers will prevent this technique from escaping the web document root, alternate encodings of the "../" sequence may help bypass the security filters. These method variations include valid and invalid Unicode-encoding ("..%u2216" or "..%c0%af") of the forward slash character, backslash characters ("..\") on Windows-based servers, URL encoded characters "%2e%2e%2f"), and double URL encoding ("..%255c") of the backslash character.

Even if the web server properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application's dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (".") to reveal the listing of the current working directory, or "%00" NULL characters in order to bypass rudimentary file extension checks.
URL http://127.0.0.1/?page=%2Fetc%2Fpasswd
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=%2Fetc%2Fpasswd
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=%2Fetc%2Fpasswd
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd&redirectPage=captured-data.php
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd&username=anonymous
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=%2Fetc%2Fpasswd
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=%2Fetc%2Fpasswd
Method GET
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
URL http://127.0.0.1/index.php?page=%2Fetc%2Fpasswd
Method POST
Parameter page
Attack /etc/passwd
Evidence root:x:0:0
Other Info
Instances 10
Solution
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses, and exclude directory separators such as "/". Use an allow list of allowable file extensions.

Warning: if you attempt to cleanse your data, then do so that the end result is not in the form that can be dangerous. A sanitizing mechanism can remove characters such as '.' and ';' which may be required for some exploits. An attacker can try to fool the sanitizing mechanism into "cleaning" data into a dangerous form. Suppose the attacker injects a '.' inside a filename (e.g. "sensi.tiveFile") and the sanitizing mechanism removes the character resulting in the valid filename, "sensitiveFile". If the input data are now assumed to be safe, then the file may be compromised.

Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allow list schemes by introducing dangerous inputs after they have been checked.

Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links.

Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.

Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.

OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.

This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
Reference https://owasp.org/www-community/attacks/Path_Traversal
https://cwe.mitre.org/data/definitions/22.html
CWE Id 22
WASC Id 33
Plugin Id 6
High
Remote File Inclusion
Description
Remote File Include (RFI) is an attack technique used to exploit "dynamic file include" mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.

Almost all web application frameworks support file inclusion. File inclusion is mainly used for packaging common code into separate files that are later referenced by main application modules. When a web application references an include file, the code in this file may be executed implicitly or explicitly by calling specific procedures. If the choice of module to load is based on elements from the HTTP request, the web application might be vulnerable to RFI.

An attacker can use RFI for:

* Running malicious code on the server: any code in the included malicious files will be run by the server. If the file include is not executed using some wrapper, code in include files is executed in the context of the server user. This could lead to a complete system compromise.

* Running malicious code on clients: the attacker's malicious code can manipulate the content of the response sent to the client. The attacker can embed malicious code in the response that will be run by the client (for example, JavaScript to steal the client session cookies).

PHP is particularly vulnerable to RFI attacks due to the extensive use of "file includes" in PHP programming and due to default server configurations that increase susceptibility to an RFI attack.
URL http://127.0.0.1/?page=http%3A%2F%2Fwww.google.com%2F
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=http%3A%2F%2Fwww.google.com%2F
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F&redirectPage=captured-data.php
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F&username=anonymous
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=http%3A%2F%2Fwww.google.com%2F
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=http%3A%2F%2Fwww.google.com%2F
Method GET
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
URL http://127.0.0.1/index.php?page=http%3A%2F%2Fwww.google.com%2F
Method POST
Parameter page
Attack http://www.google.com/
Evidence <title>Google</title>
Other Info
Instances 9
Solution
Phase: Architecture and Design

When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.

For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.

Phases: Architecture and Design; Operation

Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.

OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.

This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.

Be careful to avoid CWE-243 and other weaknesses related to jails.

For PHP, the interpreter offers restrictions such as open basedir or safe mode which can make it more difficult for an attacker to escape out of the application. Also consider Suhosin, a hardened PHP extension, which includes various options that disable some of the more dangerous PHP features.

Phase: Implementation

Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use an allow list of allowable file extensions, which will help to avoid CWE-434.

Phases: Architecture and Design; Operation

Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server's access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.

This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce your attack surface.

Phases: Architecture and Design; Implementation

Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.

Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components.
Reference https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
https://cwe.mitre.org/data/definitions/98.html
CWE Id 98
WASC Id 5
Plugin Id 7
High
SQL Injection - MySQL
Description
SQL injection may be possible.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=%27
Method GET
Parameter level1HintIncludeFile
Attack '
Evidence You have an error in your SQL syntax
Other Info RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=%27
Method GET
Parameter pagename
Attack '
Evidence You have an error in your SQL syntax
Other Info RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter password
Attack '
Evidence You have an error in your SQL syntax
Other Info RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter username
Attack '
Evidence You have an error in your SQL syntax
Other Info RDBMS [MySQL] likely, given error message regular expression [\QYou have an error in your SQL syntax\E] matched by the HTML results. The vulnerability was detected by manipulating the parameter to cause a database error message to be returned and recognised.
Instances 4
Solution
Do not trust client side input, even if there is client side validation in place.

In general, type check all data on the server side.

If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'

If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

If database Stored Procedures can be used, use them.

Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

Do not create dynamic SQL queries using simple string concatenation.

Escape all data received from the client.

Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

Apply the principle of least privilege by using the least privileged database user possible.

In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

Grant the minimum database access that is necessary for the application.
Reference https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
CWE Id 89
WASC Id 19
Plugin Id 40018
Medium
Absence of Anti-CSRF Tokens
Description
No Anti-CSRF tokens were found in a HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=login.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfLoginForm(this);" id="idLoginForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "login-php-submit-button" "password" "redirectPage" "username" ].
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=content-security-policy.php" method="post" enctype="application/x-www-form-urlencoded" id="idCSPForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "content-security-policy-php-submit-button" "idMessageInput" ].
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=html5-storage.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return false;" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "idDOMStorageItemInput" "idDOMStorageKeyInput" "SessionStorageType" ].
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter
Attack
Evidence <form action="" method="post" enctype="application/x-www-form-urlencoded" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "1" "2" "3" "4" "5" "submit-button" ].
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=login.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfLoginForm(this);" id="idLoginForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "login-php-submit-button" "password" "redirectPage" "username" ].
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=pen-test-tool-lookup.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="" id="idForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "pen-test-tool-lookup-php-submit-button" ].
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=set-background-color.php" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfForm(this);" style="background-color:#ZAP" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "id_background_color" "set-background-color-php-submit-button" ].
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence <form action="index.php?page=test-connectivity.php" method="post" enctype="application/x-www-form-urlencoded" id="idEchoForm">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "echo-php-submit-button" "idServerURLInput" ].
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "cmd" "hosted_button_id" "submit" ].
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence <form action="./index.php?page=user-info-xpath.php" method="GET" enctype="application/x-www-form-urlencoded" onsubmit="return onSubmitOfForm(this);" >
Other Info No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 2: "page" "password" "user-info-php-submit-button" "username" ].
Instances 155
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/352.html
CWE Id 352
WASC Id 9
Plugin Id 10202
Medium
Application Error Disclosure
Description
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
URL http://127.0.0.1/classes/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/installation.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: require_once(./includes/constants.php): Failed to open stream: No such file or directory in <b>/var/www/mutillidae/documentation/installation.php</b> on line <b>7</b><br />
Other Info
URL http://127.0.0.1/documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: require_once(./includes/constants.php): Failed to open stream: No such file or directory in <b>/var/www/mutillidae/documentation/usage-instructions.php</b> on line <b>7</b><br />
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence You have an error in your SQL syntax
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence You have an error in your SQL syntax
Other Info
URL http://127.0.0.1/includes/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/footer.php</b> on line <b>8</b><br />
Other Info
URL http://127.0.0.1/includes/header.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br />
Other Info
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br />
Other Info
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br />
Other Info
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br />
Other Info
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/header.php</b> on line <b>2</b><br />
Other Info
URL http://127.0.0.1/includes/hints/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/information-disclosure-comment.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/information-disclosure-comment.php</b> on line <b>12</b><br />
Other Info
URL http://127.0.0.1/includes/log-visit.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $LogHandler in <b>/var/www/mutillidae/includes/log-visit.php</b> on line <b>17</b><br />
Other Info
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br />
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br />
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br />
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br />
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $logged_in_user in <b>/var/www/mutillidae/includes/main-menu.php</b> on line <b>151</b><br />
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined array key "pagename" in <b>/var/www/mutillidae/includes/pop-up-help-context-generator.php</b> on line <b>20</b><br />
Other Info
URL http://127.0.0.1/includes/process-commands.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/process-commands.php</b> on line <b>12</b><br />
Other Info
URL http://127.0.0.1/includes/process-login-attempt.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined global variable $_SESSION in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>14</b><br />
Other Info
URL http://127.0.0.1/javascript/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=D;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=M;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=M;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=N;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=N;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=S;O=A
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/?C=S;O=D
Method GET
Parameter
Attack
Evidence Parent Directory
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter
Attack
Evidence You have an error in your SQL syntax
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence You have an error in your SQL syntax
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter
Attack
Evidence You have an error in your SQL syntax
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence You have an error in your SQL syntax
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence <b>Fatal error</b>: Invalid callback self::doHandleException, cannot access &quot;self&quot; when no class scope is active in <b>Unknown</b> on line <b>0</b><br />
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $lFields in <b>/var/www/mutillidae/client-side-control-challenge.php</b> on line <b>516</b><br />
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $lErrorNoChoiceMade in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>144</b><br />
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $lErrorNoChoiceMade in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>144</b><br />
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $lErrorNoChoiceMade in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>144</b><br />
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined array key "forwardurl" in <b>/var/www/mutillidae/redirectandlog.php</b> on line <b>30</b><br />
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <b>Warning</b>: Undefined array key "forwardurl" in <b>/var/www/mutillidae/redirectandlog.php</b> on line <b>30</b><br />
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $cUSERNAME_OR_PASSWORD_INCORRECT in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>48</b><br />
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $cACCOUNT_DOES_NOT_EXIST in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>49</b><br />
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $cUSERNAME_OR_PASSWORD_INCORRECT in <b>/var/www/mutillidae/includes/process-login-attempt.php</b> on line <b>48</b><br />
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence <b>Warning</b>: Undefined variable $lPenTestToolsJSON in <b>/var/www/mutillidae/pen-test-tool-lookup.php</b> on line <b>150</b><br />
Other Info
Instances 154
Solution
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
Reference
CWE Id 200
WASC Id 13
Plugin Id 90022
Medium
CSP: Wildcard Directive
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://127.0.0.1/
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/?page=add-to-your-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=add-to-your-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=conference-room-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=dns-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=jwt.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=text-file-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=user-info.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=user-poll.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=view-someones-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=xml-validator.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
Instances 135
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
CSP: script-src unsafe-inline
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://127.0.0.1/
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/?page=add-to-your-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=add-to-your-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=conference-room-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=dns-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=jwt.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=text-file-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=user-info.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=user-poll.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=view-someones-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=xml-validator.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info script-src includes unsafe-inline.
Instances 135
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
CSP: style-src unsafe-inline
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://127.0.0.1/
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/?page=add-to-your-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=add-to-your-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=conference-room-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-a4115737d0b9b2ef04a90882f4c4d2855d6cb0845a403f1b06c28a79bcb04d94';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-83057af36b2ed8071b8eea3dcce4f107aa2f4bb1b139598872924f3c8a237074';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-41f4641c75c767dda07dda44a7c8bb31c976eaf6dce8f9c4eb80e9223edb1a6c';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-ef0211642517270a1a28460bdcd86db4c1433b8a5d9c3d58bc48989d5fec06f9';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=dns-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=jwt.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=text-file-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=user-info.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=user-poll.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=view-someones-blog.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=xml-validator.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-e11409dad956c4cc010a48dbbaf5bbecd03a168e8ebcdff4ed3fee5d147d98d3';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence frame-ancestors 'none';
Other Info style-src includes unsafe-inline.
Instances 140
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://127.0.0.1
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/ClientInformationHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/CSRFTokenHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/CustomErrorHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/DirectoryIterationHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/EncodingHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/FileUploadExceptionHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/JWT.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/LogHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/MySQLHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/RemoteFileHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/RequiredSoftwareHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/SQLQueryHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/XMLHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/YouTubeVideoHandler.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/config.inc
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/configuration/openldap/mutillidae.ldif
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/installation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/framer.html
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/capture-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/constants.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/framer.html
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/images/bullet_black.png
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/images/coykillericon-50-38.png
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/images/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/images/pdf-icon-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/images/twitter-bird-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/images/youtube-play-icon-40-40.png
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?do=toggle-enforce-ssl&page=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$lPage%20in%20%3Cb%3E/var/www/mutillidae/includes/header.php%3C/b%3E%20on%20line%20%3Cb%3E133%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?do=toggle-hints&page
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?do=toggle-security&page=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$lPage%20in%20%3Cb%3E/var/www/mutillidae/includes/header.php%3C/b%3E%20on%20line%20%3Cb%3E131%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=dns-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=jwt.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E151%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E167%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E187%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E452%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E470%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E581%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=user-info.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=user-poll.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=view-someones-blog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?page=xml-validator.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/information-disclosure-comment.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/hints/hints-menu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/jquery-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/log-visit.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/minimum-class-definitions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/process-commands.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/process-login-attempt.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/set-up-database.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/styles/global-styles.css
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/styles/gritter/jquery.gritter.css
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=M;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=M;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=N;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=N;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=S;O=A
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=S;O=D
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/sitemap.xml
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/*
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/10
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/3
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/4
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/configuration/openldap/mutillidae.ldif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/framer.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/images/bullet_black.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/README
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/script
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styles/global.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence
Other Info
Instances 884
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Cross-Domain Misconfiguration
Description
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.
URL http://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Other Info The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
URL https://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Other Info The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
Instances 2
Solution
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).

Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
CWE Id 264
WASC Id 14
Plugin Id 10098
Medium
Directory Browsing
Description
It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information.
URL http://127.0.0.1/classes/
Method GET
Parameter
Attack http://127.0.0.1/classes/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter
Attack http://127.0.0.1/data/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/documentation/
Method GET
Parameter
Attack http://127.0.0.1/documentation/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/images/
Method GET
Parameter
Attack http://127.0.0.1/images/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/images/gritter/
Method GET
Parameter
Attack http://127.0.0.1/images/gritter/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/
Method GET
Parameter
Attack http://127.0.0.1/includes/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/includes/hints/
Method GET
Parameter
Attack http://127.0.0.1/includes/hints/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/
Method GET
Parameter
Attack http://127.0.0.1/javascript/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter
Attack http://127.0.0.1/javascript/ddsmoothmenu/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter
Attack http://127.0.0.1/javascript/gritter/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter
Attack http://127.0.0.1/javascript/hints/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter
Attack http://127.0.0.1/javascript/inline-initializers/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter
Attack http://127.0.0.1/javascript/jQuery/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter
Attack http://127.0.0.1/javascript/jQuery/colorbox/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter
Attack http://127.0.0.1/javascript/jQuery/colorbox/images/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter
Attack http://127.0.0.1/javascript/on-page-scripts/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter
Attack http://127.0.0.1/passwords/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/styles/
Method GET
Parameter
Attack http://127.0.0.1/styles/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu/
Method GET
Parameter
Attack http://127.0.0.1/styles/ddsmoothmenu/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/styles/gritter/
Method GET
Parameter
Attack http://127.0.0.1/styles/gritter/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/webservices/
Method GET
Parameter
Attack http://127.0.0.1/webservices/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/webservices/rest/
Method GET
Parameter
Attack http://127.0.0.1/webservices/rest/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/webservices/soap/
Method GET
Parameter
Attack http://127.0.0.1/webservices/soap/
Evidence Parent Directory
Other Info
URL http://127.0.0.1/classes/
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/classes/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /classes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/data/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /data</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/documentation/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /documentation</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/includes/hints/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /includes/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/ddsmoothmenu</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/gritter/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/gritter</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/hints</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/inline-initializers</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery/colorbox</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery/colorbox</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery/colorbox</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery/colorbox</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery/colorbox</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/jQuery/colorbox/images</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /javascript/on-page-scripts</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=D;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=M;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=M;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=N;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=N;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=S;O=A
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
URL http://127.0.0.1/passwords/?C=S;O=D
Method GET
Parameter
Attack
Evidence <title>Index of /passwords</title>
Other Info Web server identified: Apache 2
Instances 142
Solution
Configure the web server to disable directory browsing.
Reference https://cwe.mitre.org/data/definitions/548.html
CWE Id 548
WASC Id 16
Plugin Id 10033
Medium
HTTP to HTTPS Insecure Transition in Form Post
Description
This check looks for insecure HTTP pages that host HTTPS forms. The issue is that an insecure HTTP page can easily be hijacked through MITM and the secure HTTPS form can be replaced or spoofed.
URL http://127.0.0.1
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1 The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/ The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/includes/header.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=add-to-your-blog.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=credits.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=show-log.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/includes/header.php?page=text-file-viewer.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=documentation/installation.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=documentation/usage-instructions.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=documentation/vulnerabilities.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0 The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-10.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-11.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-12.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-13.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-14.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-15.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-16.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-17.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-18.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-19.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-20.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-21.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-22.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-23.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-24.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-25.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-26.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-27.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-28.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-29.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-30.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-31.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-32.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-33.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-34.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-35.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-36.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-37.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-38.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-39.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-40.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-41.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-42.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-43.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-44.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-45.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-46.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-47.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-48.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-49.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-50.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-51.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-52.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-53.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-54.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-55.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-56.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-57.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-58.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-59.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-60.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-61.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-62.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-63.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-14.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-19.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-53.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=labs/lab-54.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence https://www.paypal.com/cgi-bin/webscr
Other Info The response to the following request over HTTP included an HTTPS form tag action attribute value: http://127.0.0.1/index.php?page=login.php The context was: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="45R3YEXENU97S"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" name="submit" alt="Donate Today!"> <img alt="" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form>
Instances 89
Solution
Use HTTPS for landing pages that host secure forms.
Reference
CWE Id 319
WASC Id 15
Plugin Id 10041
Medium
Hidden File Found
Description
A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.
URL http://127.0.0.1/phpinfo.php
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Other Info phpinfo
Instances 1
Solution
Consider whether or not the component is actually required in production, if it isn't then disable it. If it is then ensure access to it requires appropriate authentication and authorization, or limit exposure to internal systems or specific source IPs, etc.
Reference https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html
https://www.php.net/manual/en/function.phpinfo.php
CWE Id 538
WASC Id 13
Plugin Id 40035
Medium
Missing Anti-clickjacking Header
Description
The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.
URL http://127.0.0.1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/CSRFTokenHandler.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/classes/DirectoryIterationHandler.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/data/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/installation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/usage-instructions.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/documentation/vulnerabilities.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/framer.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/information-disclosure-comment.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/log-visit.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/minimum-class-definitions.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/process-commands.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/process-login-attempt.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/hints/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=M;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=M;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=N;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=N;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=S;O=A
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=S;O=D
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/set-up-database.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/framer.html
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/set-up-database.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter x-frame-options
Attack
Evidence
Other Info
Instances 697
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Parameter Tampering
Description
Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.
URL http://127.0.0.1/?page=%00
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=
Method GET
Parameter level1HintIncludeFile
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?=
Method GET
Parameter pagename
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=%00
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=%00
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=%00
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=%00&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=%00&redirectPage=captured-data.php
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=%00&username=anonymous
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=%00
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=%00
Method GET
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?=
Method POST
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=%00
Method POST
Parameter page
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter password
Attack
Evidence on line <b>
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter username
Attack
Evidence on line <b>
Other Info
Instances 15
Solution
Identify the cause of the error and fix it. Do not trust client side input and enforce a tight check in the server side. Besides, catch the exception properly. Use a generic 500 error page for internal server error.
Reference
CWE Id 472
WASC Id 20
Plugin Id 40008
Medium
Vulnerable JS Library
Description
The identified library jquery, version 1.3.2 is vulnerable.
URL http://127.0.0.1/javascript/ddsmoothmenu/jquery.min.js
Method GET
Parameter
Attack
Evidence * jQuery JavaScript Library v1.3.2
Other Info CVE-2011-4969 CVE-2020-11023 CVE-2020-11022 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence * jQuery JavaScript Library v1.8.3
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence * jQuery JavaScript Library v1.8.3
Other Info CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2020-7656 CVE-2012-6708
Instances 3
Solution
Please upgrade to the latest version of jquery.
Reference https://nvd.nist.gov/vuln/detail/CVE-2012-6708
http://research.insecurelabs.org/jquery/test/
https://bugs.jquery.com/ticket/9521
http://bugs.jquery.com/ticket/11290
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://github.com/advisories/GHSA-q4m3-2j7h-f7xw
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery.com/issues/162
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://nvd.nist.gov/vuln/detail/CVE-2020-7656
https://nvd.nist.gov/vuln/detail/CVE-2011-4969
CWE Id 829
WASC Id
Plugin Id 10003
Low
CSP: Notices
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-a4115737d0b9b2ef04a90882f4c4d2855d6cb0845a403f1b06c28a79bcb04d94';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info Warnings: The report-uri directive has been deprecated in favor of the new report-to directive
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-83057af36b2ed8071b8eea3dcce4f107aa2f4bb1b139598872924f3c8a237074';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info Warnings: The report-uri directive has been deprecated in favor of the new report-to directive
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-41f4641c75c767dda07dda44a7c8bb31c976eaf6dce8f9c4eb80e9223edb1a6c';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info Warnings: The report-uri directive has been deprecated in favor of the new report-to directive
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-ef0211642517270a1a28460bdcd86db4c1433b8a5d9c3d58bc48989d5fec06f9';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info Warnings: The report-uri directive has been deprecated in favor of the new report-to directive
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter Content-Security-Policy
Attack
Evidence script-src 'self' 'nonce-e11409dad956c4cc010a48dbbaf5bbecd03a168e8ebcdff4ed3fee5d147d98d3';style-src 'unsafe-inline' 'self' fonts.googleapis.com;img-src 'self' www.paypalobjects.com;connect-src 'self' cors.mutillidae.localhost;font-src fonts.googleapis.com fonts.gstatic.com;frame-src 'self';media-src 'none';object-src 'none';worker-src 'none';child-src 'none';manifest-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'none';report-uri includes/capture-data.php;report-to csp-endpoint;
Other Info Warnings: The report-uri directive has been deprecated in favor of the new report-to directive
Instances 5
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Low
Cookie No HttpOnly Flag
Description
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
URL http://127.0.0.1
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
URL http://127.0.0.1
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
URL http://127.0.0.1/
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-62.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=./documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=browser-info.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=client-side-comments.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=content-security-policy.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=cors.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=credits.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=directory-browsing.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/installation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/usage-instructions.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=framing.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=html5-storage.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-1.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-10.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-11.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-12.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-13.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-14.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-15.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-16.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-17.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-18.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-19.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-2.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-20.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-21.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-22.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-23.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-24.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-25.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-26.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-27.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-28.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-29.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-3.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-30.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-31.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-32.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-33.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-34.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-35.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-36.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-37.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-38.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-39.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-4.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-40.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-41.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-42.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-43.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-44.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-45.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-46.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-47.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-48.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-49.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-5.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-50.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-51.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-52.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-53.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-54.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-55.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-56.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-57.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-58.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-59.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-6.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-60.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-61.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-62.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-63.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-7.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-8.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-9.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=register.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=robots-txt.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=site-footer-xss-discussion.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=test-connectivity.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-agent-impersonation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-info-xpath.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=./documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=browser-info.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=capture-data.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=client-side-comments.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=content-security-policy.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/installation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=html5-storage.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-11.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-13.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-14.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-16.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-18.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-2.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-20.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-22.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-25.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-26.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-28.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-29.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-3.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-31.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-32.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-33.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-36.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-37.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-38.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-39.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-4.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-40.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-42.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-43.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-45.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-46.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-48.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-49.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-50.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-52.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-54.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-55.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-57.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-58.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-6.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-60.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-63.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-7.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-8.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-9.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=password-generator.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=pen-test-tool-lookup.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=phpinfo.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=register.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=site-footer-xss-discussion.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=styling-frame.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-agent-impersonation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-info-xpath.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter uid
Attack
Evidence Set-Cookie: uid
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter username
Attack
Evidence Set-Cookie: username
Other Info
Instances 163
Solution
Ensure that the HttpOnly flag is set for all cookies.
Reference https://owasp.org/www-community/HttpOnly
CWE Id 1004
WASC Id 13
Plugin Id 10010
Low
Cookie Without Secure Flag
Description
A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
URL https://127.0.0.1/index.php?do=toggle-hints&page=./documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=browser-info.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=client-side-comments.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=content-security-policy.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=cors.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=credits.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=directory-browsing.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/installation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/usage-instructions.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=framing.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=html5-storage.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-1.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-10.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-11.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-12.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-13.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-14.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-15.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-16.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-17.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-18.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-19.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-2.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-20.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-21.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-22.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-23.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-24.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-25.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-26.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-27.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-28.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-29.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-3.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-30.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-31.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-32.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-33.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-34.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-35.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-36.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-37.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-38.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-39.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-4.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-40.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-41.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-42.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-43.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-44.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-45.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-46.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-47.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-48.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-49.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-5.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-50.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-51.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-52.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-53.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-54.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-55.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-56.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-57.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-58.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-59.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-6.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-60.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-61.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-62.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-63.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-7.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-8.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-9.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=register.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=robots-txt.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=site-footer-xss-discussion.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=test-connectivity.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-agent-impersonation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-info-xpath.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=./documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=browser-info.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=capture-data.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=client-side-comments.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=content-security-policy.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/installation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=html5-storage.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-11.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-13.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-14.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-16.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-18.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-2.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-20.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-22.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-25.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-26.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-28.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-29.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-3.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-31.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-32.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-33.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-36.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-37.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-38.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-39.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-4.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-40.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-42.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-43.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-45.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-46.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-48.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-49.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-50.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-52.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-54.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-55.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-57.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-58.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-6.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-60.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-63.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-7.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-8.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-9.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=password-generator.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=pen-test-tool-lookup.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=phpinfo.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=register.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=site-footer-xss-discussion.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=styling-frame.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-agent-impersonation.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-info-xpath.php
Method GET
Parameter showhints
Attack
Evidence Set-Cookie: showhints
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter uid
Attack
Evidence Set-Cookie: uid
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter username
Attack
Evidence Set-Cookie: username
Other Info
Instances 149
Solution
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Reference https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
CWE Id 614
WASC Id 13
Plugin Id 10011
Low
Cookie without SameSite Attribute
Description
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
URL http://127.0.0.1
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence Set-Cookie: PHPSESSID
Other Info
Instances 2
Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054
Low
Private IP Disclosure
Description
A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
URL http://127.0.0.1/documentation/mutillidae-demo.txt
Method GET
Parameter
Attack
Evidence 192.168.56.101
Other Info 192.168.56.101
URL http://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence 192.168.56.103
Other Info 192.168.56.103 192.168.56.101 192.168.56.101 192.168.56.101 192.168.56.102 192.168.56.102 192.168.1.1 192.168.56.101
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence 192.168.56.102
Other Info 192.168.56.102 192.168.56.102 192.168.56.102 192.168.56.102 192.168.56.101 192.168.56.102 192.168.56.102:5123
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence 10.0.0.133
Other Info 10.0.0.133 10.0.0.255 172.16.0.248 172.16.0.255
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence 10.0.0.1:3000
Other Info 10.0.0.1:3000
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence 192.168.56.103
Other Info 192.168.56.103 192.168.56.101 192.168.56.101 192.168.56.101 192.168.56.102 192.168.56.102 192.168.1.1 192.168.56.101
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter
Attack
Evidence 192.168.56.102
Other Info 192.168.56.102 192.168.56.102
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter
Attack
Evidence 172.16.0.130
Other Info 172.16.0.130 172.16.0.130
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence 192.168.56.102
Other Info 192.168.56.102 192.168.56.102 192.168.56.102 192.168.56.102 192.168.56.101 192.168.56.102 192.168.56.102:5123
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence 10.0.0.133
Other Info 10.0.0.133 10.0.0.255 172.16.0.248 172.16.0.255
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence 10.0.0.1:3000
Other Info 10.0.0.1:3000
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence 172.19.0.4
Other Info 172.19.0.4 172.19.0.1 172.19.0.4 172.19.0.1
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence 172.19.0.4
Other Info 172.19.0.4 172.19.0.1 172.19.0.4 172.19.0.1
Instances 13
Solution
Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.
Reference https://tools.ietf.org/html/rfc1918
CWE Id 200
WASC Id 13
Plugin Id 2
Low
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Description
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
URL http://127.0.0.1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/?page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/ClientInformationHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/CSRFTokenHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/CustomErrorHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/DirectoryIterationHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/EncodingHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/FileUploadExceptionHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/JWT.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/LogHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/MySQLHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/RemoteFileHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/RequiredSoftwareHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/SQLQueryHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/XMLHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/classes/YouTubeVideoHandler.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/capture-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/constants.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/header.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/information-disclosure-comment.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/log-visit.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/minimum-class-definitions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/process-commands.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/includes/process-login-attempt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=dns-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=http://www.google.com
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=jwt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=user-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=user-poll.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=view-someones-blog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=xml-validator.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/?page=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=logout
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=browser-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=capture-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=client-side-comments.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=content-security-policy.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=cors.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=directory-browsing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=framing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=html5-storage.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=password-generator.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=phpinfo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=register.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=robots-txt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=set-background-color.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=styling-frame.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=browser-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=client-side-comments.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=content-security-policy.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=cors.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=directory-browsing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=framing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=html5-storage.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=register.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=robots-txt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=browser-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=capture-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=client-side-comments.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=content-security-policy.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=cors.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=directory-browsing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=framing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=html5-storage.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=password-generator.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=phpinfo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=register.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=robots-txt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=set-background-color.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=styling-frame.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence X-Powered-By: PHP/8.3.13
Other Info
Instances 1089
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
Reference https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
https://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id 200
WASC Id 13
Plugin Id 10037
Low
Server Leaks Version Information via "Server" HTTP Response Header Field
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
URL http://127.0.0.1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/ClientInformationHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/CSRFTokenHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/CustomErrorHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/DirectoryIterationHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/EncodingHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/FileUploadExceptionHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/JWT.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/LogHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/MySQLHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/RemoteFileHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/RequiredSoftwareHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/SQLQueryHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/XMLHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/classes/YouTubeVideoHandler.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/config.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/configuration/openldap/mutillidae.ldif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/mutillidae-demo.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/favicon.ico
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/framer.html
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/icons/back.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/icons/blank.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/icons/folder.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/icons/layout.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/icons/text.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/icons/unknown.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/arrow-45-degree-left-up.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/back-button-64-64.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/bullet_black.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/coykillericon-50-38.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/down_arrow_16_16.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/favicon.ico
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/gritter/gritter.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/gritter/ie-spacer.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/help-easy-button-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/help-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/installation-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/ldap-server-48-59.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/link-icon-16-16.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/pdf-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/question-mark-40-61.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/right.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/siren-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/twitter-bird-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/images/youtube-play-icon-40-40.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/back-button.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/constants.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/database-config.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/framer.html
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/header.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/help-button.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/application-log-injection.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/application-path-disclosure-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/authentication-bypass-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/beef-framework-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/buffer-overflow-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/burp-suite-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/cascading-style-sheet-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/cbc-bit-flipping-attack-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/click-jacking-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/client-side-comments.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/client-side-security-control-bypass.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/command-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/content-security-policy-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/cross-origin-resource-sharing-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/cross-site-request-forgery-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/cross-site-scripting-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/directory-browsing-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/dom-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/frame-source-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/hint-not-found.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/hints-menu-wrapper.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/hints-not-found.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/html-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/html5-web-storage-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/information-disclosure-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/insecure-direct-object-reference-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/insufficient-transport-layer-protection.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/javascript-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/javascript-validation-bypass-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/json-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/jwt-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-1-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-10-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-11-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-12-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-13-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-14-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-15-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-16-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-17-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-18-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-19-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-2-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-20-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-21-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-22-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-23-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-24-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-25-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-26-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-27-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-28-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-29-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-3-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-30-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-31-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-32-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-33-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-34-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-35-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-36-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-37-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-38-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-39-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-4-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-40-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-41-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-42-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-43-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-44-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-45-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-46-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-47-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-48-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-49-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-5-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-50-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-51-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-52-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-53-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-54-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-55-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-56-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-57-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-58-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-59-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-6-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-60-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-61-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-62-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-63-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-7-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-8-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/lab-9-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/ldap-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/ldap-setup-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/local-file-inclusion-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/method-tampering-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/owasp-zap-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/parameter-addition-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/parameter-pollution-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/path-relative-stylesheet-injection.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/platform-path-disclosure-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/remote-file-inclusion-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/robots-txt-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/secret-administrative-pages-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/server-side-request-forgery-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/setting-up-local-hostnames-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/setting-up-ssl-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/setting-up-virtual-hosts-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/sql-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/sqlmap-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/ssl-misconfiguration-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/unrestricted-file-upload-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/unvalidated-redirects-and-forwards.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/user-agent-impersonation-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/xml-entity-expansion-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/xml-external-entity-attack-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/hints/xpath-injection-hint.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/images/bullet_black.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/images/coykillericon-50-38.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/images/favicon.ico
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/images/pdf-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/images/twitter-bird-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/images/youtube-play-icon-40-40.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?do=toggle-enforce-ssl&page=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$lPage%20in%20%3Cb%3E/var/www/mutillidae/includes/header.php%3C/b%3E%20on%20line%20%3Cb%3E133%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?do=toggle-hints&page
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?do=toggle-security&page=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$lPage%20in%20%3Cb%3E/var/www/mutillidae/includes/header.php%3C/b%3E%20on%20line%20%3Cb%3E131%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=dns-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=jwt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E151%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E167%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E187%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E452%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E470%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E581%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=user-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=user-poll.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=view-someones-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?page=xml-validator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/information-disclosure-comment.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/hints/hints-menu.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/jquery-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/ldap-config.inc
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/log-visit.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/minimum-class-definitions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/process-commands.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/process-login-attempt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/set-up-database.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/styles/global-styles.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/styles/gritter/jquery.gritter.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/includes/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-enforce-ssl&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=dns-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=http://www.google.com
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=jwt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=user-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=user-poll.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=view-someones-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=xml-validator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/bookmark-site.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu/jquery.min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/follow-mouse.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/hints/hints-menu.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/html5-secrets.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/jquery-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/border.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/controls.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/loading.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/loading_background.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images/overlay.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/javascript/on-page-scripts/content-security-policy.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=D;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=M;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=M;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=N;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=N;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=S;O=A
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/?C=S;O=D
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/robots.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/sitemap.xml
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/styles/global-styles.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/styles/gritter/jquery.gritter.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/*
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/10
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/2
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/3
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/4
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/configuration/openldap/mutillidae.ldif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/framer.html
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/ajax_logo-75-79.jpg
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/arrow-45-degree-left-up.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/back-button-64-64.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/bullet_black.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/cage-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/cors-icon-75-75.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/coykillericon-50-38.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/delete-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/down_arrow_16_16.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/edit-icon-20-20.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/favicon.ico
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/gritter/gritter.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/gritter/ie-spacer.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/help-easy-button-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/help-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/installation-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/ldap-server-48-59.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/link-icon-16-16.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/malware-icon-75-75.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/pdf-icon-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/question-mark-40-61.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/right.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/sign-post-60-75.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/siren-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/sql-logo-64-64.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/twitter-bird-48-48.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/view-icon-20-20.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/images/youtube-play-icon-40-40.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/images/bullet_black.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=logout
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=browser-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=password-generator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=phpinfo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=set-background-color.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=styling-frame.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-enforce-ssl&page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=browser-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-hints&page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=browser-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=password-generator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=phpinfo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=set-background-color.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=styling-frame.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?do=toggle-security&page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=dns-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=jwt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-poll.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=view-someones-blog.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/follow-mouse.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/hints/hints-menu.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/html5-secrets.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/inline-initializers/jquery-init.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/border.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/controls.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/loading.gif
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/loading_background.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/overlay.png
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/javascript/on-page-scripts/content-security-policy.js
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/README
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/script
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/styles/global-styles.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/styles/global.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/styles/gritter/jquery.gritter.css
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence Apache/2.4.62 (Debian)
Other Info
Instances 1754
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference https://httpd.apache.org/docs/current/mod/core.html#servertokens
https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
CWE Id 200
WASC Id 13
Plugin Id 10036
Low
Strict-Transport-Security Disabled
Description
A HTTP Strict Transport Security (HSTS) header was found, but it contains the directive max-age=0 which disables the control and instructs browsers to reset any previous HSTS related settings. See RFC 6797 for further details.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
URL https://127.0.0.1/
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/?page=show-log.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=captured-data.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=echo.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=repeater.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=show-log.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=source-viewer.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=upload-file.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence max-age=0
Other Info
Instances 228
Solution
Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
Reference https://datatracker.ietf.org/doc/html/rfc6797#section-6.2
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Strict-Transport-Security Header Not Set
Description
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
URL https://127.0.0.1/*
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/10
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/3
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/4
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/configuration/openldap/mutillidae.ldif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/framer.html
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/ajax_logo-75-79.jpg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/arrow-45-degree-left-up.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/back-button-64-64.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/bullet_black.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/cage-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/cors-icon-75-75.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/coykillericon-50-38.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/delete-icon-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/down_arrow_16_16.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/edit-icon-20-20.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/gritter/gritter.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/gritter/ie-spacer.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/help-easy-button-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/help-icon-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/installation-icon-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/ldap-server-48-59.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/link-icon-16-16.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/malware-icon-75-75.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/pdf-icon-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/question-mark-40-61.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/right.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/sign-post-60-75.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/siren-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/sql-logo-64-64.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/twitter-bird-48-48.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/view-icon-20-20.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/images/youtube-play-icon-40-40.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/images/bullet_black.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/follow-mouse.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/hints/hints-menu.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/html5-secrets.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/inline-initializers/jquery-init.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/border.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/controls.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/loading.gif
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/loading_background.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/images/overlay.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/javascript/on-page-scripts/content-security-policy.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/README
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/script
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/set-up-database.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styles/global-styles.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styles/global.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styles/gritter/jquery.gritter.css
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter
Attack
Evidence
Other Info
Instances 329
Solution
Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
Reference https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
https://owasp.org/www-community/Security_Headers
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://caniuse.com/stricttransportsecurity
https://datatracker.ietf.org/doc/html/rfc6797
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Timestamp Disclosure - Unix
Description
A timestamp was disclosed by the application/web server. - Unix
URL http://127.0.0.1/includes/hints/jwt-hint.inc
Method GET
Parameter
Attack
Evidence 1614781700
Other Info 1614781700, which evaluates to: 2021-03-03 15:28:20.
URL http://127.0.0.1/includes/hints/jwt-hint.inc
Method GET
Parameter
Attack
Evidence 1614783500
Other Info 1614783500, which evaluates to: 2021-03-03 15:58:20.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence 1730145314
Other Info 1730145314, which evaluates to: 2024-10-28 20:55:14.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence 1730145314
Other Info 1730145314, which evaluates to: 2024-10-28 20:55:14.
Instances 4
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference https://cwe.mitre.org/data/definitions/200.html
CWE Id 200
WASC Id 13
Plugin Id 10096
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL http://127.0.0.1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/CSRFTokenHandler.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/classes/DirectoryIterationHandler.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/installation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/mutillidae-demo.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/usage-instructions.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/documentation/vulnerabilities.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/framer.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/icons/back.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/icons/blank.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/icons/folder.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/icons/layout.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/icons/text.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/icons/unknown.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/arrow-45-degree-left-up.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/back-button-64-64.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/bullet_black.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/coykillericon-50-38.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/down_arrow_16_16.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/favicon.ico
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/gritter/gritter.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/gritter/ie-spacer.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/help-easy-button-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/help-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/installation-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/ldap-server-48-59.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/link-icon-16-16.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/pdf-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/question-mark-40-61.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/right.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/siren-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/twitter-bird-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/images/youtube-play-icon-40-40.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/back-button.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/database-config.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/header.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/help-button.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/application-log-injection.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/application-path-disclosure-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/authentication-bypass-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/beef-framework-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/buffer-overflow-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/burp-suite-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/cascading-style-sheet-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/cbc-bit-flipping-attack-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/click-jacking-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/client-side-comments.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/client-side-security-control-bypass.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/command-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/content-security-policy-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/cross-origin-resource-sharing-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/cross-site-request-forgery-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/cross-site-scripting-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/directory-browsing-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/dom-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/frame-source-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/hint-not-found.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/hints-menu-wrapper.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/hints-not-found.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/html-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/html5-web-storage-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/information-disclosure-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/insecure-direct-object-reference-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/insufficient-transport-layer-protection.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/javascript-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/javascript-validation-bypass-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/json-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/jwt-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-1-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-10-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-11-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-12-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-13-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-14-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-15-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-16-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-17-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-18-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-19-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-2-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-20-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-21-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-22-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-23-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-24-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-25-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-26-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-27-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-28-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-29-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-3-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-30-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-31-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-32-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-33-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-34-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-35-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-36-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-37-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-38-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-39-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-4-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-40-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-41-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-42-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-43-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-44-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-45-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-46-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-47-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-48-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-49-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-5-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-50-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-51-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-52-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-53-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-54-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-55-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-56-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-57-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-58-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-59-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-6-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-60-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-61-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-62-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-63-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-7-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-8-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/lab-9-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/ldap-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/ldap-setup-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/local-file-inclusion-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/method-tampering-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/owasp-zap-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/parameter-addition-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/parameter-pollution-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/path-relative-stylesheet-injection.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/platform-path-disclosure-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/remote-file-inclusion-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/robots-txt-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/secret-administrative-pages-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/server-side-request-forgery-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/setting-up-local-hostnames-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/setting-up-ssl-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/setting-up-virtual-hosts-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/sql-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/sqlmap-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/ssl-misconfiguration-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/unrestricted-file-upload-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/unvalidated-redirects-and-forwards.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/user-agent-impersonation-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/xml-entity-expansion-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/xml-external-entity-attack-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/hints/xpath-injection-hint.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/information-disclosure-comment.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/ldap-config.inc
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/log-visit.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/minimum-class-definitions.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/process-commands.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/includes/process-login-attempt.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/bookmark-site.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/ddsmoothmenu/jquery.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/follow-mouse.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/hints/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/hints/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/hints/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/hints/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/hints/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/hints/hints-menu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/html5-secrets.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/jquery-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/images/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/images/border.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/images/controls.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/images/loading.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/images/loading_background.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/images/overlay.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/javascript/on-page-scripts/content-security-policy.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=D;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=M;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=M;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=N;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=N;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=S;O=A
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/?C=S;O=D
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/robots.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/set-up-database.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/styles/global-styles.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/styles/gritter/jquery.gritter.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/documentation/mutillidae-installation-on-xampp-win7.pdf
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/framer.html
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/ajax_logo-75-79.jpg
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/arrow-45-degree-left-up.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/back-button-64-64.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/bullet_black.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/cage-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/cors-icon-75-75.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/coykillericon-50-38.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/delete-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/down_arrow_16_16.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/edit-icon-20-20.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/favicon.ico
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/gritter/gritter.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/gritter/ie-spacer.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/help-easy-button-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/help-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/installation-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/ldap-server-48-59.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/link-icon-16-16.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/malware-icon-75-75.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/pdf-icon-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/question-mark-40-61.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/right.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/sign-post-60-75.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/siren-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/sql-logo-64-64.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/twitter-bird-48-48.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/view-icon-20-20.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/images/youtube-play-icon-40-40.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=./documentation/vulnerabilities.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=arbitrary-file-inclusion.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=capture-data.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=client-side-comments.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=content-security-policy.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=cors.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=credits.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=directory-browsing.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/installation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/usage-instructions.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=documentation/vulnerabilities.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=framing.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=html5-storage.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-1.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-10.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-11.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-12.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-13.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-14.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-15.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-16.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-17.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-18.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-19.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-2.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-20.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-21.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-22.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-23.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-24.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-25.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-26.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-27.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-28.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-29.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-3.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-30.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-31.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-32.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-33.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-34.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-35.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-36.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-37.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-38.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-39.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-4.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-40.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-41.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-42.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-43.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-44.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-45.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-46.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-47.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-48.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-49.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-5.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-50.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-51.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-52.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-53.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-54.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-55.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-56.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-57.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-58.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-59.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-6.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-60.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-61.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-62.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-63.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-7.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-8.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=labs/lab-9.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=password-generator.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup-ajax.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=pen-test-tool-lookup.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=register.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=robots-txt.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=set-background-color.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=site-footer-xss-discussion.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=styling-frame.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=test-connectivity.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-agent-impersonation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/includes/pop-up-help-context-generator.php?pagename=user-info-xpath.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/follow-mouse.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/gritter/jquery.gritter.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/hints/hints-menu.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/html5-secrets.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/inline-initializers/ddsmoothmenu-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/inline-initializers/hints-menu-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/inline-initializers/jquery-init.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/colorbox.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/images/border.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/images/controls.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/images/loading.gif
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/images/loading_background.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/images/overlay.png
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/javascript/on-page-scripts/content-security-policy.js
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/set-up-database.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/styles/ddsmoothmenu/ddsmoothmenu.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/styles/global-styles.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/styles/gritter/jquery.gritter.css
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/styling.php?page-title=Styling%20with%20Mutillidae
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/rest/ws-user-account.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter x-content-type-options
Attack
Evidence
Other Info This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
Instances 942
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021
Informational
Authentication Request Identified
Description
The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. If the request is in a context which has an Authentication Method set to "Auto-Detect" then this rule will change the authentication to match the request identified.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter user-info-php-submit-button
Attack
Evidence password
Other Info userParam=user-info-php-submit-button userValue=View Account Details passwordParam=password referer=https://127.0.0.1/index.php?page=user-info-xpath.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter user-info-php-submit-button
Attack
Evidence password
Other Info userParam=user-info-php-submit-button userValue=View Account Details passwordParam=password referer=https://127.0.0.1/index.php?page=user-info-xpath.php csrfToken=csrf-token
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=http://127.0.0.1/index.php?page=login.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php csrfToken=csrf-token
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence password
Other Info userParam=login-php-submit-button userValue=Login passwordParam=password referer=https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php csrfToken=csrf-token
Instances 12
Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Reference https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/
CWE Id
WASC Id
Plugin Id 10111
Informational
Charset Mismatch (Header Versus Meta Content-Type Charset)
Description
This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.

An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=1
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=10
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=100
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=101
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=102
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=103
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=104
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=105
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=106
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=107
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=108
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=109
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=11
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=110
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=111
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=112
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=113
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=114
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=115
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=116
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=117
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=118
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=119
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=12
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=120
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=121
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=122
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=123
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=124
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=125
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=126
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=127
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=128
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=129
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=13
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=130
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=131
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=14
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=16
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=18
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=19
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=20
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=22
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=23
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=25
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=26
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=29
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=30
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=33
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=39
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=40
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=41
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=42
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=43
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=45
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=48
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=49
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=50
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=53
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=54
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=55
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=56
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=57
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=58
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=59
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=60
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=61
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=62
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=64
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=67
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=68
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=69
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=70
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=71
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=72
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=73
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=74
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=75
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=76
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=77
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=78
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=79
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=80
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=82
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=83
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=84
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=85
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=86
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=87
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=88
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=89
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=9
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=90
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=91
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=92
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=93
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=94
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=95
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=96
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=97
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=98
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=99
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter
Attack
Evidence
Other Info There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-8859-1] do not match.
Instances 153
Solution
Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.
Reference https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
CWE Id 436
WASC Id 15
Plugin Id 90011
Informational
Content-Type Header Missing
Description
The Content-Type header was either missing or empty.
URL http://127.0.0.1/includes/back-button.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/database-config.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/help-button.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/application-log-injection.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/application-path-disclosure-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/authentication-bypass-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/beef-framework-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/buffer-overflow-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/burp-suite-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/cascading-style-sheet-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/cbc-bit-flipping-attack-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/click-jacking-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/client-side-comments.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/client-side-security-control-bypass.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/command-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/content-security-policy-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/cross-origin-resource-sharing-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/cross-site-request-forgery-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/cross-site-scripting-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/directory-browsing-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/dom-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/frame-source-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/hint-not-found.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/hints-menu-wrapper.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/hints-not-found.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/html-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/html5-web-storage-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/information-disclosure-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/insecure-direct-object-reference-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/insufficient-transport-layer-protection.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/javascript-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/javascript-validation-bypass-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/json-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/jwt-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-1-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-10-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-11-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-12-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-13-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-14-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-15-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-16-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-17-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-18-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-19-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-2-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-20-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-21-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-22-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-23-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-24-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-25-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-26-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-27-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-28-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-29-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-3-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-30-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-31-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-32-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-33-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-34-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-35-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-36-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-37-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-38-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-39-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-4-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-40-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-41-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-42-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-43-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-44-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-45-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-46-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-47-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-48-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-49-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-5-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-50-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-51-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-52-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-53-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-54-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-55-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-56-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-57-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-58-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-59-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-6-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-60-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-61-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-62-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-63-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-7-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-8-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/lab-9-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/ldap-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/ldap-setup-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/local-file-inclusion-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/method-tampering-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/owasp-zap-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/parameter-addition-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/parameter-pollution-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/path-relative-stylesheet-injection.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/platform-path-disclosure-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/remote-file-inclusion-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/robots-txt-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/secret-administrative-pages-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/server-side-request-forgery-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/setting-up-local-hostnames-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/setting-up-ssl-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/setting-up-virtual-hosts-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/sql-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/sqlmap-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/ssl-misconfiguration-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/unrestricted-file-upload-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/unvalidated-redirects-and-forwards.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/user-agent-impersonation-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/xml-entity-expansion-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/xml-external-entity-attack-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/hints/xpath-injection-hint.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
URL http://127.0.0.1/includes/ldap-config.inc
Method GET
Parameter content-type
Attack
Evidence
Other Info
Instances 123
Solution
Ensure each page is setting the specific and appropriate content-type value for the content being delivered.
Reference https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)
CWE Id 345
WASC Id 12
Plugin Id 10019
Informational
Cookie Poisoning
Description
This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter password
Attack
Evidence
Other Info An attacker may be able to poison cookie values through POST parameters. To test if this is a more serious issue, you should try resending that request as a GET, with the POST parameter included as a query string parameter. For example: https://nottrusted.com/page?value=maliciousInput. This was identified at: https://127.0.0.1/index.php?page=login.php User-input was found in the following cookie: username=ZAP; path=/; SameSite=Lax The user input was: password=ZAP
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter username
Attack
Evidence
Other Info An attacker may be able to poison cookie values through POST parameters. To test if this is a more serious issue, you should try resending that request as a GET, with the POST parameter included as a query string parameter. For example: https://nottrusted.com/page?value=maliciousInput. This was identified at: https://127.0.0.1/index.php?page=login.php User-input was found in the following cookie: username=ZAP; path=/; SameSite=Lax The user input was: username=ZAP
Instances 2
Solution
Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolon's that can serve as name/value pair delimiters.
Reference https://en.wikipedia.org/wiki/HTTP_cookie
https://cwe.mitre.org/data/definitions/565.html
CWE Id 565
WASC Id 20
Plugin Id 10029
Informational
GET for POST
Description
A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence GET http://127.0.0.1/index.php?answer=1&submit-button=Submit HTTP/1.1
Other Info
Instances 1
Solution
Ensure that only POST is accepted where POST is expected.
Reference
CWE Id 16
WASC Id 20
Plugin Id 10058
Informational
Information Disclosure - Sensitive Information in URL
Description
The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E151%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E167%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E187%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E452%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E470%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=%3Cbr%20/%3E%0A%3Cb%3EWarning%3C/b%3E:%20%20Undefined%20variable%20$logged_in_user%20in%20%3Cb%3E/var/www/mutillidae/includes/main-menu.php%3C/b%3E%20on%20line%20%3Cb%3E581%3C/b%3E%3Cbr%20/%3E
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/includes/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL http://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter password
Attack
Evidence password
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: pass password
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter user-info-php-submit-button
Attack
Evidence user-info-php-submit-button
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user user-info-php-submit-button
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL https://127.0.0.1/ws-user-account.php?username=*
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
URL https://127.0.0.1/ws-user-account.php?username=adrian
Method GET
Parameter username
Attack
Evidence username
Other Info The URL contains potentially sensitive information. The following string was found via the pattern: user username
Instances 18
Solution
Do not pass sensitive information in URIs.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10024
Informational
Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
URL http://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 2 times, the first in the element starting with: "<script> function capture(theForm){ var lXMLHTTP; try{ var lData = "username=" + theForm.username.value + "&pas", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected in the element starting with: "//** July 27th, 09" (v1.31): Fixed bug so shadows can be disabled if desired.", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " menuleft=(header._offsets.left+menuleft+header._dimensions.subulw>$(window).width())? (header.istopheader && setting.orient", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/ddsmoothmenu/jquery.min.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#(", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/ddsmoothmenu/jquery.min.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "(function(){var R=/((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^[\]]*\]|['"][^'"]*['"]|[^[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: " case "AU1": l_message = "User Authenticated";break;", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " window.sessionStorage.setItem("ChuckNorrisJoke1","When Alexander Bell invented the telephone he had 3 missed calls from Chuck ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected in the element starting with: "(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected 4 times, the first in the element starting with: " // it can invoke an obscure IE bug when using iframes.", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 6 times, the first in the element starting with: " open = active = true; // Prevents the page-change action from queuing up if the visitor holds down the left or right keys.", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox.js
Method GET
Parameter
Attack
Evidence SELECT
Other Info The following pattern was used: \bSELECT\b and was detected 2 times, the first in the element starting with: " // Hides SELECT elements in IE6 because they would otherwise sit on top of the overlay.", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox.js
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected 2 times, the first in the element starting with: " // floating the IMG removes the bottom line-height and fixed a problem where IE miscalculates the width of the parent element ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected 11 times, the first in the element starting with: " // hidden; don safety goggles and see bug #4512 for more information).", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence bugs
Other Info The following pattern was used: \bBUGS\b and was detected 3 times, the first in the element starting with: " // discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 51 times, the first in the element starting with: " // Logic borrowed from http://json.org/json2.js", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence later
Other Info The following pattern was used: \bLATER\b and was detected 4 times, the first in the element starting with: "// Give the init function the jQuery prototype for later instantiation", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "//key/values into a query string", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 21 times, the first in the element starting with: " select,", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence TODO
Other Info The following pattern was used: \bTODO\b and was detected in the element starting with: " // TODO: Stop taunting the data cache; remove global events and always attach to document", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 4 times, the first in the element starting with: " // cache in order to avoid key collisions between internal data and user-defined", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 4 times, the first in the element starting with: " username: null,", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected 15 times, the first in the element starting with: " // Handle the case where IE and Opera return items", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 2 times, the first in the element starting with: "<script> function capture(theForm){ var lXMLHTTP; try{ var lData = "username=" + theForm.username.value + "&pas", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(theForm) { var lText = theForm.idMessageInput.value; ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script nonce=""> document.addEventListener('DOMContentLoaded', function () { document.getElementById('back-button", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "TRUE"; var gUseJavaScriptValidation = "TRUE"; var lookupTool = funct", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "FALSE"; var gUseJavaScriptValidation = "FALSE"; var lookupTool = fun", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "FALSE"; var gUseJavaScriptValidation = "FALSE"; var lookupTool = fun", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "TRUE"; var gUseJavaScriptValidation = "TRUE"; <br /> <b>Warning</", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "FALSE"; var gUseJavaScriptValidation = "FALSE"; <br /> <b>Warning", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "FALSE"; var gUseJavaScriptValidation = "FALSE"; <br /> <b>Warning", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(/* HTMLForm */ theForm){ try{ var lValidateInput = "tru", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(/* HTMLForm */ theForm){ try{ var lValidateInput = "fal", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(/* HTMLForm */ theForm){ try{ var lValidateInput = "fal", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<script nonce=""> document.addEventListener('DOMContentLoaded', function () { document.getElementById('back-button", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> var lValidateInput = "TRUE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ v", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> var lValidateInput = "TRUE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ v", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> var lValidateInput = "FALSE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> var lValidateInput = "FALSE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> var lValidateInput = "TRUE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "FALSE"; var gUseJavaScriptValidation = "FALSE"; var lookupTool = fun", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected in the element starting with: "//** July 27th, 09" (v1.31): Fixed bug so shadows can be disabled if desired.", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/ddsmoothmenu/ddsmoothmenu.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " menuleft=(header._offsets.left+menuleft+header._dimensions.subulw>$(window).width())? (header.istopheader && setting.orient", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/inline-initializers/gritter-init.js
Method GET
Parameter
Attack
Evidence User
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: " case "AU1": l_message = "User Authenticated";break;", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/inline-initializers/populate-web-storage.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected in the element starting with: " window.sessionStorage.setItem("ChuckNorrisJoke1","When Alexander Bell invented the telephone he had 3 missed calls from Chuck ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/colorbox/jquery.colorbox-min.js
Method GET
Parameter
Attack
Evidence db
Other Info The following pattern was used: \bDB\b and was detected in the element starting with: "(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence bug
Other Info The following pattern was used: \bBUG\b and was detected 11 times, the first in the element starting with: " // hidden; don safety goggles and see bug #4512 for more information).", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence bugs
Other Info The following pattern was used: \bBUGS\b and was detected 3 times, the first in the element starting with: " // discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence from
Other Info The following pattern was used: \bFROM\b and was detected 51 times, the first in the element starting with: " // Logic borrowed from http://json.org/json2.js", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence later
Other Info The following pattern was used: \bLATER\b and was detected 4 times, the first in the element starting with: "// Give the init function the jQuery prototype for later instantiation", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "//key/values into a query string", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence select
Other Info The following pattern was used: \bSELECT\b and was detected 21 times, the first in the element starting with: " select,", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence TODO
Other Info The following pattern was used: \bTODO\b and was detected in the element starting with: " // TODO: Stop taunting the data cache; remove global events and always attach to document", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 4 times, the first in the element starting with: " // cache in order to avoid key collisions between internal data and user-defined", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 4 times, the first in the element starting with: " username: null,", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/javascript/jQuery/jquery.js
Method GET
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected 15 times, the first in the element starting with: " // Handle the case where IE and Opera return items", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 2 times, the first in the element starting with: "<script type="text/javascript"> <!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 2 times, the first in the element starting with: "<script type="text/javascript"> <!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence query
Other Info The following pattern was used: \bQUERY\b and was detected in the element starting with: "<script type="text/javascript"> var gUseSafeJSONParser = "FALSE"; var gUseJavaScriptValidation = "FALSE"; var gDisplayError", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> <!-- var lValidateInput = "TRUE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter
Attack
Evidence where
Other Info The following pattern was used: \bWHERE\b and was detected in the element starting with: "<script type="text/javascript"> var onSubmitOfForm = function(/* HTMLForm */ theForm){ try{ var lValidateInput = "tru", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected in the element starting with: "<script type="text/javascript"> var lValidateInput = "TRUE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ v", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "<!--/* The following is an attempt at humor; albeit a very poor attempt. People often ask "What is the password for samurai?". T", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "<!--/* The following is an attempt at humor; albeit a very poor attempt. People often ask "What is the password for samurai?". T", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 2 times, the first in the element starting with: "<!-- var lValidateInput = "TRUE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ if(lValidateInput == "TRUE")", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = true; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 2 times, the first in the element starting with: "<!-- var lValidateInput = "FALSE" function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ if(lValidateInput == "T", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 3 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "TRUE" function onSubmitOfLogi", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence username
Other Info The following pattern was used: \bUSERNAME\b and was detected 3 times, the first in the element starting with: "<!-- var l_loggedIn = false; var lAuthenticationAttemptResultFlag = -1; var lValidateInput = "FALSE" function onSubmitOfLog", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence user
Other Info The following pattern was used: \bUSER\b and was detected 2 times, the first in the element starting with: "<!-- I think the database password is set to blank or perhaps samurai. It depends on whether you installed this web app from ", see evidence field for the suspicious comment/snippet.
Instances 335
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10027
Informational
Modern Web Application
Description
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
URL http://127.0.0.1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/header.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/header.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/header.php?page=credits.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/header.php?page=show-log.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/header.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/main-menu.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/main-menu.php?page=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/main-menu.php?page=credits.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/main-menu.php?page=show-log.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/includes/main-menu.php?page=text-file-viewer.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('echoMessage')">echoMessage</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('lookupDNS')">lookupDNS</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('testConnectivity')">testConnectivity</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('getUser')">getUser</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=65
Method GET
Parameter
Attack
Evidence <a ping> or EventSource. <br/> <code> Content-Security-Policy: connect-src https://&lt;domain of the API&gt; </code> <br/> <span class="report-header">Sites using fonts</span> <br/><br/> Sites that use fonts loaded via @font-face should declare from which domains the font source code files are allowed to load. Sites that load fonts from the same domain can set the 'self' directive. If fonts are loaded from other domains, include these partner domains in the directive. <br/> <code> Content-Security-Policy: font-src 'self' https://&lt;partner domain&gt; </code> <br/> <span class="report-header">Other directives</span> <br/><br/> There are several other directives that may be applicable for some sites. Implement the applicable CSP directives <br/><br/> <span id="videos" class="report-header">Videos</span> <br/><br/> <br/>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('echoMessage')">echoMessage</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('lookupDNS')">lookupDNS</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('testConnectivity')">testConnectivity</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/webservices/soap/ws-user-account.php
Method GET
Parameter
Attack
Evidence <a href='#' onclick="popout();popup('getUser')">getUser</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter
Attack
Evidence <a href="">OWASP 2017</a>
Other Info Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
Instances 376
Solution
This is an informational alert and so no changes are required.
Reference
CWE Id
WASC Id
Plugin Id 10109
Informational
Re-examine Cache-control Directives
Description
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
URL https://127.0.0.1/
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/?page=credits.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/documentation/mutillidae-test-scripts.txt
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/framer.html
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/index.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=./documentation/vulnerabilities.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=L1H0
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=/var/www/mutillidae/home.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=arbitrary-file-inclusion.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=back-button-discussion.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=browser-info.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=cache-control.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=capture-data.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=L1H1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=client-side-comments.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=client-side-control-challenge.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=conference-room-lookup.php&popUpNotificationCode=AU1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=L1H1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=content-security-policy.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=cors.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=L1H1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=credits.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=L1H0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=credits.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=L1H0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=directory-browsing.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=documentation/installation.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=documentation/usage-instructions.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=documentation/vulnerabilities.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=edit-account-profile.php&uid=39
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=framing.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=HPH0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=L1H1
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=home.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=html5-storage.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-14.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-19.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-62.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=login.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&popUpNotificationCode=L1H0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=nice-tabby-cat.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=canary
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=password-generator.php&username=ZAP
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup-ajax.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=phpinfo.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=privilege-escalation.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=redirectandlog.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=register.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=robots-txt.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=secret-administrative-pages.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=set-background-color.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=site-footer-xss-discussion.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=sqlmap-targets.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=ssl-misconfiguration.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=styling-frame.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SL1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=test-connectivity.php&popUpNotificationCode=SSLE1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=text-file-viewer.php&popUpNotificationCode=AU1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=L1H0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SL0
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-agent-impersonation.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=view-account-profile.php&uid=39
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H0&page=login.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=L1H1&page=home.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=/var/www/mutillidae/home.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=home.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL1&page=login.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=/var/www/mutillidae/home.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=home.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SL5&page=login.php
Method GET
Parameter cache-control
Attack
Evidence no-store, no-cache
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=/var/www/mutillidae/home.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=home.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLE1&page=login.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?popUpNotificationCode=SSLO1&page=home.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter cache-control
Attack
Evidence public
Other Info
URL https://127.0.0.1/rene-magritte.php
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/rest/ws-test-connectivity.php
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter cache-control
Attack
Evidence
Other Info
Instances 212
Solution
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
Reference https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id 525
WASC Id 13
Plugin Id 10015
Informational
Session Management Response Identified
Description
The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
URL http://127.0.0.1
Method GET
Parameter PHPSESSID
Attack
Evidence bushtl27lv6dsv6c0no7beb4nl
Other Info cookie:PHPSESSID
URL http://127.0.0.1
Method GET
Parameter PHPSESSID
Attack
Evidence he27eau8l4d7t6lultrpjq5t9a
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 1j6gabf0q1uh6739n2lqisv18u
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 1nissmi6s7c35gg22slbbogg7u
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 3tj3cdcd99ick2f58a1i26u0bn
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 4d60t88nrmpklrm1lreqjhaq9n
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 5kqgergttu9r0hre9m9bt6si6t
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 6qc1pb52uvrh49ej39ol4i7plo
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence chciu77gu6p3ih3fptloh2vv4t
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence ck2rtbsm0jd5o6t0cd7pljpi5e
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence co4m2ddcvv73u9rsa7k5p2ujgf
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence droh6gqn1mrgac7ss81mlcmnem
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence e767vbpcgppna8aenkh23e07vi
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence hfj5bj7v2dduep0r30c3g617ek
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence jr3k0q4641vkilgmvj8pavp4pf
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence ksssb68lkmcs2dpje24fa78hou
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence lggatfmotnqjk95jbr00lpdp1o
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence ql27ij8dvr8g7ej1539t37mg4j
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence s3hd1h016g045rc2pg06n2aaf9
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence v0sb7agt3lldo65gudqgsoa4gg
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence v4btpsmigv2qpga91bkijpcpu0
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence vjfa0bfv8hoqj8btnv64fde322
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 1j6gabf0q1uh6739n2lqisv18u
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 1nissmi6s7c35gg22slbbogg7u
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 3tj3cdcd99ick2f58a1i26u0bn
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 4d60t88nrmpklrm1lreqjhaq9n
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 5kqgergttu9r0hre9m9bt6si6t
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence 6qc1pb52uvrh49ej39ol4i7plo
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence chciu77gu6p3ih3fptloh2vv4t
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence ck2rtbsm0jd5o6t0cd7pljpi5e
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence co4m2ddcvv73u9rsa7k5p2ujgf
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence e767vbpcgppna8aenkh23e07vi
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence hfj5bj7v2dduep0r30c3g617ek
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence jr3k0q4641vkilgmvj8pavp4pf
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence ksssb68lkmcs2dpje24fa78hou
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence lggatfmotnqjk95jbr00lpdp1o
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence ql27ij8dvr8g7ej1539t37mg4j
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence s3hd1h016g045rc2pg06n2aaf9
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence v0sb7agt3lldo65gudqgsoa4gg
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence v4btpsmigv2qpga91bkijpcpu0
Other Info cookie:PHPSESSID
URL http://127.0.0.1/
Method GET
Parameter PHPSESSID
Attack
Evidence vjfa0bfv8hoqj8btnv64fde322
Other Info cookie:PHPSESSID
Instances 41
Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Reference https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id
CWE Id
WASC Id
Plugin Id 10112
Informational
User Agent Fuzzer
Description
Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/?page=show-log.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/classes
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/data
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/data/
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/data/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/data/accounts.xml
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/documentation
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/hints-page-wrapper.php?level1HintIncludeFile=81
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/images
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/images/gritter
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/includes
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/includes/capture-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/includes/capture-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/includes/footer.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/includes/hints
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/includes/pop-up-help-context-generator.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?do=toggle-hints&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?iv=6bc24fc1ab650b25b4114e93a98f1eba&page=view-user-privilege-level.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?page=password-generator.php&username=anonymous
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?popUpNotificationCode=SL0&page=/var/www/mutillidae/home.php
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/gritter
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/hints
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/inline-initializers
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/jQuery/colorbox/images
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/javascript/on-page-scripts
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/passwords
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/passwords/
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/passwords/?C=D;O=D
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/passwords/accounts.txt
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/styles
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/styles/ddsmoothmenu
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/styles/gritter
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/webservices
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/webservices/rest
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/webservices/soap
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
Instances 521
Solution
Reference https://owasp.org/wstg
CWE Id
WASC Id
Plugin Id 10104
Informational
User Controllable HTML Element Attribute (Potential XSS)
Description
This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
URL http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=captured-data.php The user-controlled value was: captured-data.php
URL http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=show-log.php The user-controlled value was: show-log.php
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter acam
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acam=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter acao
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acao=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter acma
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acma=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter max-age
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: max-age=600 The user-controlled value was: 600
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php
Method GET
Parameter method
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: method=GET The user-controlled value was: get
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter acam
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1 appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acam=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter acao
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1 appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acao=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter acma
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1 appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acma=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter max-age
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: max-age=600 The user-controlled value was: 600
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1
Method GET
Parameter method
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SL1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: method=GET The user-controlled value was: get
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter acam
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1 appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acam=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter acao
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1 appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acao=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter acma
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1 appears to include user input in: a(n) [input] tag [onclick] attribute The user input found was: acma=on The user-controlled value was: onsubmitofform(this.form);
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter max-age
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: max-age=600 The user-controlled value was: 600
URL https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1
Method GET
Parameter method
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?acam=on&acao=on&acma=on&max-age=600&message=Zaproxy+alias+impedit+expedita+quisquam+pariatur+exercitationem.+Nemo+rerum+eveniet+dolores+rem+quia+dignissimos.&method=GET&page=cors.php&popUpNotificationCode=SSLO1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: method=GET The user-controlled value was: get
URL https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=10&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=10 The user-controlled value was: 10
URL https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=2&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=2 The user-controlled value was: 2
URL https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=3&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=3 The user-controlled value was: 3
URL https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=4&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=4 The user-controlled value was: 4
URL https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=http://www.issa-kentuckiana.org&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=http://www.issa-kentuckiana.org The user-controlled value was: http://www.issa-kentuckiana.org
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=http://www.owasp.org&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=http://www.owasp.org The user-controlled value was: http://www.owasp.org
URL https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php
Method GET
Parameter forwardurl
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?forwardurl=http://www.owasp.org/index.php/Louisville&page=redirectandlog.php appears to include user input in: a(n) [meta] tag [content] attribute The user input found was: forwardurl=http://www.owasp.org/index.php/Louisville The user-controlled value was: http://www.owasp.org/index.php/louisville
URL https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=add-to-your-blog.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=add-to-your-blog.php The user-controlled value was: add-to-your-blog.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=captured-data.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=captured-data.php The user-controlled value was: captured-data.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=conference-room-lookup.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=conference-room-lookup.php The user-controlled value was: conference-room-lookup.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=dns-lookup.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=dns-lookup.php The user-controlled value was: dns-lookup.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=echo.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=echo.php The user-controlled value was: echo.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=edit-account-profile.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=edit-account-profile.php The user-controlled value was: edit-account-profile.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=repeater.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=repeater.php The user-controlled value was: repeater.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=show-log.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=show-log.php The user-controlled value was: show-log.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=source-viewer.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=source-viewer.php The user-controlled value was: source-viewer.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=text-file-viewer.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=text-file-viewer.php The user-controlled value was: text-file-viewer.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=user-info.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=user-info.php The user-controlled value was: user-info.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=user-poll.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=user-poll.php The user-controlled value was: user-poll.php
URL https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php
Method GET
Parameter redirectPage
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php&redirectPage=xml-validator.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: redirectPage=xml-validator.php The user-controlled value was: xml-validator.php
URL https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae
Method GET
Parameter page-to-frame
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae appears to include user input in: a(n) [iframe] tag [src] attribute The user input found was: page-to-frame=styling.php?page-title=Styling with Mutillidae The user-controlled value was: styling.php?page-title=styling with mutillidae
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=user-info-xpath.php The user-controlled value was: user-info-xpath.php
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=user-info-xpath.php The user-controlled value was: user-info-xpath.php
URL https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP
Method GET
Parameter user-info-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php&password=ZAP&user-info-php-submit-button=View+Account+Details&username=ZAP appears to include user input in: a(n) [input] tag [value] attribute The user input found was: user-info-php-submit-button=View Account Details The user-controlled value was: view account details
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SL5 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=user-info-xpath.php The user-controlled value was: user-info-xpath.php
URL https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php&popUpNotificationCode=SSLO1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=user-info-xpath.php The user-controlled value was: user-info-xpath.php
URL https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info.php&popUpNotificationCode=AU1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=user-info.php The user-controlled value was: user-info.php
URL https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=xml-validator.php&popUpNotificationCode=AU1 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=xml-validator.php The user-controlled value was: xml-validator.php
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=document-viewer.php The user-controlled value was: document-viewer.php
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter PathToDocument
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php appears to include user input in: a(n) [iframe] tag [src] attribute The user input found was: PathToDocument=robots.txt The user-controlled value was: robots.txt
URL https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php
Method GET
Parameter PathToDocument
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?PathToDocument=robots.txt&page=document-viewer.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: PathToDocument=robots.txt The user-controlled value was: robots.txt
URL https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php
Method GET
Parameter ToolID
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c&page=pen-test-tool-lookup-ajax.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c The user-controlled value was: 0923ac83-8b50-4eda-ad81-f1aac6168c5c
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=login.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: login-php-submit-button=Login The user-controlled value was: login-php-submit-button
URL http://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: http://127.0.0.1/index.php?page=login.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: login-php-submit-button=Login The user-controlled value was: login
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter content-security-policy-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=content-security-policy.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: content-security-policy-php-submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter content-security-policy-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=content-security-policy.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: content-security-policy-php-submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=content-security-policy.php
Method POST
Parameter content-security-policy-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=content-security-policy.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: content-security-policy-php-submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter SessionStorageType
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=html5-storage.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: SessionStorageType=Session The user-controlled value was: sessionstoragetype
URL https://127.0.0.1/index.php?page=html5-storage.php
Method POST
Parameter SessionStorageType
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=html5-storage.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: SessionStorageType=Session The user-controlled value was: session
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-1.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-1.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-1.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-1.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-1.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-10.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-10.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-10.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-10.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-10.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-11.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-11.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-11.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-11.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-11.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-12.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-12.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-12.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-12.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-12.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-13.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-13.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-13.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-13.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-13.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-14.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-14.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-15.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-15.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-15.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-15.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-15.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-16.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-16.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-16.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-16.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-16.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-17.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-17.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-17.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-17.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-17.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-18.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-18.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-18.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-18.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-18.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-19.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-19.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-2.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-2.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-2.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-2.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-2.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-20.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-20.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-20.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-20.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-20.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-21.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-21.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-21.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-21.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-21.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-22.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-22.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-22.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-22.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-22.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-23.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-23.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-24.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-24.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-24.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-24.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-24.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-25.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-25.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-25.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-25.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-25.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-26.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-26.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-26.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-26.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-26.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-27.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-27.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-27.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-27.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-27.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-28.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-28.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-28.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-28.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-28.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-29.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-29.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-29.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-29.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-29.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-3.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-3.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-3.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-3.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-3.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-30.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-30.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-30.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-30.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-30.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-31.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-31.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-31.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-31.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-31.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-32.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-32.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-32.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-32.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-32.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-33.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-33.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-33.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-33.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-33.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-34.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-34.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-34.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-34.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-34.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-35.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-35.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-35.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-35.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-35.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-36.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-36.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-36.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-36.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-36.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-37.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-37.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-37.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-37.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-37.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-38.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-38.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-38.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-38.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-38.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-39.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-39.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-39.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-39.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-39.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-4.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-4.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-4.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-4.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-4.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-40.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-40.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-40.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-40.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-40.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-41.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-41.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-41.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-41.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-41.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-42.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-42.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-42.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-42.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-42.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-43.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-43.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-43.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-43.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-43.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-44.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-44.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-44.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-44.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-44.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-45.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-45.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-45.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-45.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-45.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-46.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-46.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-46.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-46.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-46.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-47.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-47.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-47.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-47.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-47.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-48.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-48.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-48.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-48.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-48.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-49.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-49.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-49.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-49.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-49.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-5.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-5.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-5.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-5.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-5.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-50.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-50.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-50.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-50.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-50.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-51.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-51.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-51.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-51.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-51.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-52.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-52.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-52.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-52.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-52.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-53.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-53.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-54.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-54.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-55.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-55.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-55.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-55.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-55.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-56.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-56.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-56.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-56.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-56.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-57.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-57.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-57.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-57.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-57.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-58.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-58.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-58.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-58.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-58.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-59.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-59.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-59.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-59.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-59.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-6.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-6.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-6.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-6.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-6.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-60.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-60.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-60.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-60.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-60.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-61.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-61.php&popUpNotificationCode=SL0 appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-62.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-62.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-62.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-62.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-62.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-63.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-63.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-63.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-63.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-63.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-7.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-7.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-7.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-7.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-7.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-8.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-8.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-8.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-8.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-8.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-9.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-9.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: submit-button=Submit The user-controlled value was: submit-button
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-9.php appears to include user input in: a(n) [input] tag [type] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=labs/lab-9.php
Method POST
Parameter submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=labs/lab-9.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: submit-button=Submit The user-controlled value was: submit
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php appears to include user input in: a(n) [input] tag [name] attribute The user input found was: login-php-submit-button=Login The user-controlled value was: login-php-submit-button
URL https://127.0.0.1/index.php?page=login.php
Method POST
Parameter login-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=login.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: login-php-submit-button=Login The user-controlled value was: login
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter pen-test-tool-lookup-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=pen-test-tool-lookup.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: pen-test-tool-lookup-php-submit-button=Lookup Tool The user-controlled value was: lookup tool
URL https://127.0.0.1/index.php?page=pen-test-tool-lookup.php
Method POST
Parameter ToolID
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=pen-test-tool-lookup.php appears to include user input in: a(n) [option] tag [value] attribute The user input found was: ToolID=0923ac83-8b50-4eda-ad81-f1aac6168c5c The user-controlled value was: 0923ac83-8b50-4eda-ad81-f1aac6168c5c
URL https://127.0.0.1/index.php?page=register.php
Method POST
Parameter register-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=register.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: register-php-submit-button=Create Account The user-controlled value was: create account
URL https://127.0.0.1/index.php?page=set-background-color.php
Method POST
Parameter set-background-color-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=set-background-color.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: set-background-color-php-submit-button=Set Background Color The user-controlled value was: set background color
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter echo-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=test-connectivity.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: echo-php-submit-button=Test Connectivity The user-controlled value was: test connectivity
URL https://127.0.0.1/index.php?page=test-connectivity.php
Method POST
Parameter ServerURL
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=test-connectivity.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: ServerURL=http://127.0.0.1/webservices/rest/ws-test-connectivity.php The user-controlled value was: http://127.0.0.1/webservices/rest/ws-test-connectivity.php
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter page
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: page=user-info-xpath.php The user-controlled value was: user-info-xpath.php
URL https://127.0.0.1/index.php?page=user-info-xpath.php
Method POST
Parameter user-info-php-submit-button
Attack
Evidence
Other Info User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL: https://127.0.0.1/index.php?page=user-info-xpath.php appears to include user input in: a(n) [input] tag [value] attribute The user input found was: user-info-php-submit-button=View Account Details The user-controlled value was: view account details
Instances 342
Solution
Validate all input and sanitize output it before writing to any HTML attributes.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
CWE Id 20
WASC Id 20
Plugin Id 10031
Informational
WSDL File Detection
Description
A WSDL File has been detected.
URL http://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL http://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL http://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL http://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL https://127.0.0.1/webservices/soap/ws-echo.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL https://127.0.0.1/webservices/soap/ws-lookup-dns.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL https://127.0.0.1/webservices/soap/ws-test-connectivity.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
URL https://127.0.0.1/webservices/soap/ws-user-account.php?wsdl
Method GET
Parameter
Attack
Evidence text/xml; charset=ISO-8859-1
Other Info A WSDL File has been detected.
Instances 8
Solution
Make your WSDL files visible only for technical issues (ex: testing purposes).
Reference
CWE Id
WASC Id 13
Plugin Id 90030